This article from Profibus & Profinet International outlines the quality-related issues surrounding PROFIsafe.
One of the most important steps in the technology development of PI (Profibus & Profinet International) is the completion of PROFIsafe, the specification for functional safe communications for Profibus. This step is described as a quantum leap in the world of safety-oriented automation and opens up a broad range of new possibilities. Since 2005, the PROFIsafe profile has also been available for use in Profinet IO systems. The relevant approvals from TÜV and BGIA (the German Institute for Occupational Safety and Health) were awarded immediately on conclusion of the technology development.
PROFIsafe has since become an international standard, IEC 61784-3-3. Steps are also currently being taken to establish PROFIsafe as a national standard in China.
Since its first publication, PI says PROFIsafe has become the world's leading and most consistent technology for functional safe communications. By the end of 2007, more than 41,000 plants were in operation with a total of more than 410,000 PROFIsafe nodes - of which approximately 10 per cent are in process automation plants.
The quality of products and systems is crucial, particularly in areas of safety. To guarantee this quality for PROFIsafe, PI has initiated a range of structural and organisational measures. These include documents, such as the 'PROFIsafe Policy' and 'Environmental Guideline,' the introduction of certification for PROFIsafe products, the setting up of PROFIsafe Competence Centres, and training courses with a final exam for qualification as a Certified PROFIsafe Engineer.
PROFIsafe offers a uniform profile for safety applications on the basis of Profibus DP and Profinet IO networks. It is used in networks that are exclusively Profibus DP (V1 mode) or exclusively Profinet IO (V2 mode), but is also suitable for cross-system use in mixed networks (V2 mode) with both Profibus DP and Profinet IO. PROFIsafe has also since been approved for wireless transmission technologies, such as WLAN and Bluetooth. When combined with data security technology, it can be used over Ethernet backbones.
PROFIsafe is already being used for safe communications in both manufacturing and process automation, offering the following advantages: reduced cabling, flexibility during commissioning, expansion and/or revamp, consistent engineering, and diagnostics.
PROFIsafe defines how fail-safe devices communicate with safety controls over a network so reliably that they can be deployed in safety applications up to SIL3 according to IEC 61508 or PLe/Category 4 according to ISO 13849-1:2006 (which succeeds EN 954-1). To achieve this safe communication, it uses a profile, ie a special format of the user data and a special protocol. The spectrum of devices ranges from safe remote I/O modules to emergency stop pushbuttons, light curtains, laser scanners, overfill safety systems, transmitters for drives with integrated safety functions, and robots.
The PROFIsafe profile uses the black channel principle, which specifies that the safety layer is independent of the underlying transmission path, ie the black channel comprises the Profinet/Profibus transmission and the backplane buses of PLC and field devices.
PROFIsafe can be easily implemented in software and, used in conjunction with Profibus and Profinet, covers the whole spectrum of safety applications in process and manufacturing automation. If the software of Profibus DP devices is upgraded to V2 mode, the Profibus DP interface only needs to be replaced by a Profinet IO interface to enable operation directly on Profinet IO networks.
In the world of automation, functional safety is crucial and must be exceptionally reliable, as it controls the protection of man, machine and environment. It is therefore essential to ensure consistent public relations and the careful implementation and use of PROFIsafe technology. In order to ensure this is the case, PI has defined special measures.
The PROFIsafe Policy document provides a set of rules for companies that want to provide PROFIsafe products and systems. It describes the necessary development steps for PROFIsafe products, including the necessary QA measures, regulates the use of the PROFIsafe logo and provides a summary of the relevant standards and documents. This document has been drawn up in collaboration with TÜV and BGIA and is included by said organisations in the approval process for the PROFIsafe technology. All participating companies and institutions are obliged to comply with the rules of the PROFIsafe Policy.
The IEC 61508 standard defines special requirements, such as increased electromagnetic immunity, without detailing specifics. This gap is filled by a supplementary guideline, PROFIsafe Environment, which promotes the development and use of fail-safe devices and fail-safe hosts.
There are two ways to implement the PROFIsafe driver software in devices: by developing it in accordance with the specifications or by using a starter kit that is available on the market. The advantages of a starter kit are obvious: tested and pre-certified driver software, additional valuable information, tools and technical support. All available ASICs and communication layers can be used for the interfaces to Profibus and Profinet. The PROFIsafe driver software just needs to be adapted accordingly.
Conformity of PROFIsafe products (devices and hosts) to the PROFIsafe protocol must be tested in accredited PI test laboratories and certified by the PI certification office. The condition for the use of such products in safety applications is a safety certificate from one of the renowned testing agencies, such as TÜV or BGIA, according to IEC 61508. In turn, this certificate can only be obtained if the product has been awarded a PROFIsafe certificate by the PI certification office. A PROFIsafe certificate is granted on the basis of a positive test report, which is issued by an accredited PI test laboratory (PITL). The PROFIsafe Test Specification defines the roles and tasks of the assessment bodies (eg TÜV, PNO) and the PITLs. The tests are designed to ensure conformity of the Profibus/Profinet communication functions to the specifications and adherence to the PROFIsafe profile.
The use of certified products reduces costs for end users. The certification test is crucial to quality assurance. The aim of device certification is to ensure the necessary safety for users when interconnecting devices from different manufacturers. Implementation of successfully tested devices guarantees fault-free communications with regard to the communication protocol. This enables significant cost reductions when commissioning and replacing devices.
PI has now set up more than 35 Competence Centres (PICC) worldwide. The PICCs offer a whole range of services. These can include seminars on a range of topics, acceptance of development tasks, advice on the implementation of technologies or the commissioning or troubleshooting of plants. Due to the broad scope and the range of application options of these technologies, these services have been broken down into different areas of technical expertise.
The accreditation by PICCs, which covers the scope of PROFIsafe, contains additional conditions due to the importance of functional safety. Because the focus here is on the safety of man, machine and environment, these additional conditions are based on compliance with pertinent legal and technical regulations.
In order to ensure adherence to the required quality, the experts responsible for functional safety at the PICCs for PROFIsafe are also obliged to participate in a workshop that culminates in a final exam. The workshop is run as a collaboration between PI and the TÜV. This workshop must be repeated, and the exam passed, every two years.
PI Training Centres (PITC) have been set up in order to ensure a globally uniform training standard for engineers and technicians. The accreditation of the PITC and their experts ensures the quality of this training and thus the engineering and setup services for Profibus and Profinet.
The required high quality of PROFIsafe products and systems depends largely on the quality of the expertise and the applied methods/procedures of the development team. This can be kept at the required level through the implementation of an appropriate training programme. For this purpose, the responsible working group of the PNO, in collaboration with TÜV, has worked out a programme that is offered to interested member companies for personnel training. The two-day training course finishes with a final exam. On successful completion of the course, the experts receive a TÜV certificate as a Certified PROFIsafe Designer. The two-day training course must be repeated every two years. This is designed to ensure that the knowledge of the experts is kept up-to-date.